+1 never been a big fan of the duplicate. Would still be better to have a migration in case someone used the new disabled property to avoid bad surprises with security
Le jeu. 22 août 2019 à 16:01, Simon Urli <[email protected]> a écrit : > Hi everyone, > > I recently (in XWiki 11.6RC1) introduced a new property "enabled" in > XWiki.User as part of https://jira.xwiki.org/browse/XWIKI-12654 to > distinguish between inactive users (who have not confirm their > registration with the token sent by email), and disabled users (who are > deactivated by an admin, or by a security mechanism). > > Now as Marius noticed those two properties are quite redundant, > especially when you want to know which users are really active. > So it introduces unnecessary complexity and we might even need to change > existing extension to check enabled users (cf the last comments on > XWIKI-12564). > > So before doing those changes, I propose to fix immediately the issue by > removing that newly introduced property and by introducing a new > property only for assessing that users' email are checked. > > Then we will only have to check "active" property to check if a user is > active or not, and we could rely on it to set them enabled or disabled > in the admin. > The email_check property would be used only for the check email > mechanism, so it will avoid any confusion in the semantic. > > WDYT? > Simon > > -- > Simon Urli > Software Engineer at XWiki SAS > [email protected] > More about us at http://www.xwiki.com >
